Would be curious to know if Eloston & wchen342 think running UG in (a well-configured) firejail would provide another layer of protection (between attacker & your filesystem) in the case of chromium 0-days.
:point_up: Edit: Would be curious to know if Eloston & wchen342 think running UG in (a well-configured) firejail or bubblewrap would provide another layer of protection (between attacker & your filesystem) in the case of chromium 0-days.
The topic can be expanded all the way to pages, and it is not a "right vs. wrong" thing. Some very quick points being: 1. bubblewrap is better in terms of security, failjail has better usability; 2. Like flatpak, failjail needs to be set-up correctly otherwise it's a placebo; 3. Linux desktop is inherently insecure, thus Qubes. However security is usually not the first priority in the choice of using Linux; 4. It is kind of unfair to blame flatpak because packages set their own permissions; it can be improved probably with a permission whitelist like Android but that's a design choice.
wchen342: I haven't hardened the permissions too much in an effort to reduce bug reports related to broken functionality. By default I allow access to the read-write access to the home directory and all devices (webcam, GPU, etc)
You could use flatpak-override or a front-end to it like Flatseal to change that and harden it
hello this is probably a silly question but I am not a seasoned chromium user.. how can I disable the home screen shortcuts from visited websites? I could not find any pertinent settings and am not sure how its persisting
I'm able to log in to my account, but when it loads teams it hangs on the load until it times out and gives a generic "We've encountered a problem". When I log in from browsers that work, it flips through about a half dozen URLs that it fetches. On UGC it stops after about the second. I wondered if it had to do with the auto-https when no transport method is specified, but that's just speculation.
it states i have to download widevinecdm files and place them in the programs widevine folder. then i went to chrome compartments to update widevine plugin. the update doesnt finish and the version stays at 0.0.0.0
Getting on par with firefox is quite the effort I think, maybe when extensions v2 get phased out for good there could be a solution across other chromium distributions as well that not only retains core functionality but also improves the apis
the pihole is great but theres a trade off between tons of features and ways to block requests (or even just select elements) and protecting a network as a whole
It is quite a complicated topic. GrapheneOS devs say they don't support adblockers in vanadium because they're a security threat
And DNS blocking doesn't work well at all
I'll have to look into what ublock origin can do that piholes can't
Hi, i didn't like how ungoogled-chromium is built on obs but there is no ungoogled-chromium package available on opensuse at all! So, on obs, i linked official chromium package, and wrote service/patches that download ungoogled-chromium master and applies patches. Could you perhaps consider pulling it in as official? It requires minimum maintenance as amount of changes is really minimal and it updates itself https://build.opensuse.org/package/show/home:Mister_Magister/chromium
The ungoogled_chromium group on obs is maintained by github user braewoods, you would probably need to talk to them to get the package added. Officially supported platforms are currently defined to have a github repository that contains necessary downstream patches and build configurations (see https://github.com/Eloston/ungoogled-chromium/blob/master/docs/repo_management.md), if you create a platform repository for openSUSE that could maybe be moved to the ungoogled-software organisation at some point (at the moment its a bit hard to make changes to the project's structure as Eloston is very busy)